<?php
session_start();
include "dbconnect.php";

$inputerror="";
// Connect to server and select databse.
$con=mysql_connect($dbHost, $dbUserAndName, $dbPass);
if(!$con)
{
 die("cannot connect");
}
mysql_select_db($_DB_NAME);

$varUsername=$_POST['Username'];
$varPassword=$_POST['Password'];

// To protect MySQL injection 
$varUsername = stripslashes($varUsername);
$varPassword = stripslashes($varPassword);
$varUsername = mysql_real_escape_string($varUsername);
$varPassword = mysql_real_escape_string($varPassword);

if(empty($varUsername) and empty($varPassword))
{			$inputerror="true";
			echo "Enter the Username and password!"
			;echo "<script>setTimeout(\"location.href = 'index.php';\",500);</script>";
}
else
{

		$sql="SELECT * FROM users WHERE username='".$varUsername."' and password='".$varPassword."'";
		
		$result=mysql_query($sql);
		
			if($result==false)
				{
					echo "Error cannot Login!";
			;echo "<script>setTimeout(\"location.href = 'index.php';\",2000);</script>";
					
				}

		else {


					$count=mysql_num_rows($result);
			$adminrole=0;
			$studrole=0;
			$profrole=0;
			if($count==1)
			{
				while($row=mysql_fetch_array($result))
				{
					$_SESSION['Type']=$row['Typeid'];
					if($row['Typeid']==1)
					$adminrole=1;
					if($row['Typeid']==2)
					$profrole=1;
					if($row['Typeid']==3)
					$studrole=1;
					
					}
				
				$_SESSION['Username']=$varUsername;
				if($studrole==1)
				header("location:applyview.php");
				if($profrole==1)
				header("location:professor.php");
				if($adminrole==1)
				header("location:hireView.php");
			}
		else {
			echo "Wrong Username or password , Plese try again!"
			;echo "<script>setTimeout(\"location.href = 'index.php';\",2000);</script>";
			}
		}
}
?>